<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 10/27/2010 10:06 AM, Steve Totaro wrote:<br>
<blockquote
cite="mid:AANLkTim_7MJ=MBT0s_FBUVo-yvPJiUTt-cLbUbCeb3Ug@mail.gmail.com"
type="cite">
<div class="gmail_quote">On Tue, Oct 26, 2010 at 11:31 AM, Jonas
Kellens <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jonas.kellens@telenet.be">jonas.kellens@telenet.be</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff"><font
face="Helvetica, Arial, sans-serif">Hello,<br>
<br>
has anyone experience with auto provisioning IP-phones on different
locations through a central public provisioning server ? You use http
or https ?<br>
<br>
Is there a danger that one uses a different MAC-address in the
provisioning link to obtain SIP username / password settings ?<br>
<br>
<br>
Kind regards,<br>
Jonas.<br>
</font>
</div>
<br>
</blockquote>
<div><br>
Yes, there is a danger, especially with TFTP, but also with FTP to a
lesser degreee.<br>
<br>
If someone guessed correctly, they could download the config file for
another phone.<br>
<br>
Thanks,<br>
Steve T <br>
</div>
</div>
</blockquote>
<br>
<br>
If I find a way to implement it... https would be safer ?<br>
<br>
Or is the only safe way to work with certificates that are loaded on
the IP-phone ?!<br>
<br>
Jonas.<br>
</body>
</html>